Open ivankatliarchuk opened 10 months ago
Description

Currently, `disable_upsert` functionality is missing native support for the `transit` engine. This absence can impact the precise control of resource lifecycles within Vault, potentially affecting the overall efficiency of infrastructure provisioning.

From the api docs

It is possible to manage `disable_upsert` with the `vault_generic_endpoint` resource; however, it's not very convenient.

How resolved currently

```hcl
# Workaround: write the transit key configuration through the generic endpoint.
resource "vault_generic_endpoint" "disable_upsert" {
  path      = "transit/config/keys"
  data_json = <<EOT
{
  "disable_upsert": true
}
EOT

  depends_on = [vault_mount.transit]
}
```

or with null resource and curl command

```sh
curl -H "X-Vault-Token: $(vault print token)" \
  --request POST \
  --data @payload.json \
  "$VAULT_ADDR/v1/transit/config/keys"
```

This requires `curl` and `vault` cli installed and optional `ansible`

Affected Resource(s) and/or Data Source(s)

Potential Terraform Configuration

```hcl
resource "vault_mount" "transit-example" {
  path        = "transit-example"
  type        = "transit"
  description = "This is an example transit secret engine mount"

  options = {
    disable_upsert = true
  }
}
```

References

Docs: disable upsert

Would you like to implement a fix?

Yes
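
A check for the `vault_generic_endpoint` workaround described in the issue, added here as an example and not part of the original issue or the provider's code: it scans the JSON that `terraform show -json` emits and lists transit mounts that have no matching `<mount>/config/keys` endpoint setting `disable_upsert` to true. The function names and the sample state are constructed for illustration, and the state layout (`values.root_module.resources` with nested `child_modules`) is assumed.

```python
import json

# Constructed sample shaped like `terraform show -json` output (not real state).
SAMPLE_STATE = {"values": {"root_module": {
    "resources": [
        {"type": "vault_mount", "name": "transit",
         "values": {"path": "transit", "type": "transit"}},
        {"type": "vault_mount", "name": "transit-example",
         "values": {"path": "transit-example", "type": "transit"}},
        {"type": "vault_generic_endpoint", "name": "disable_upsert",
         "values": {"path": "transit/config/keys",
                    "data_json": '{ "disable_upsert": true }'}},
    ],
    "child_modules": [{"resources": [
        {"type": "vault_mount", "name": "billing",
         "values": {"path": "transit-billing", "type": "transit"}},
        {"type": "vault_generic_endpoint", "name": "billing_keys",
         "values": {"path": "transit-billing/config/keys",
                    "data_json": '{ "disable_upsert": false }'}},
    ]}],
}}}

SUFFIX = "/config/keys"

def iter_resources(module):
    """Yield resources from a module and every nested child module."""
    yield from module.get("resources", [])
    for child in module.get("child_modules", []):
        yield from iter_resources(child)

def transit_mounts_allowing_upsert(state):
    """Return transit mount paths lacking a disable_upsert=true endpoint."""
    resources = list(iter_resources(state.get("values", {}).get("root_module", {})))
    mounts, hardened = set(), set()
    for res in resources:
        values = res.get("values", {})
        path = (values.get("path") or "").strip("/")
        if res.get("type") == "vault_mount" and values.get("type") == "transit":
            mounts.add(path)
        elif res.get("type") == "vault_generic_endpoint" and path.endswith(SUFFIX):
            try:
                data = json.loads(values.get("data_json") or "{}")
            except json.JSONDecodeError:
                continue  # unparsable payload: treat the mount as unhardened
            if isinstance(data, dict) and data.get("disable_upsert") is True:
                hardened.add(path[: -len(SUFFIX)])
    return sorted(mounts - hardened)

if __name__ == "__main__":
    print(transit_mounts_allowing_upsert(SAMPLE_STATE))
```

A non-empty result can be used to fail a CI step until every transit mount has its key-creation-on-encrypt behaviour disabled.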